© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Mirroring the feedback I got on the mailing list. Potentially we could add the missing bit to the required part of the 3.2 kvm-intel module. But then the comments about support and security make me wonder whether we really want to. There seems to be quite a bit of work to get even 3.13 (Trusty) into shape. Leave alone 3.2...
Paolo Bonzini wrote:
> Because if we wanted to make 3.14 nested VMX stable-ish we would need
> several more, at least these:
>
> KVM: nVMX: fix lifetime issues for vmcs02
> KVM: nVMX: clean up nested_
> KVM: nVMX: Rework interception of IRQs and NMIs
> KVM: nVMX: Do not inject NMI vmexits when L2 has a pending
> interrupt
> KVM: nVMX: Disable preemption while reading from shadow VMCS
>
> and for 3.13:
>
> KVM: nVMX: Leave VMX mode on clearing of feature control MSR
>
> There are also several L2-crash-L1 bugs too in Nadav Amit's patches.
>
> Basically, nested VMX was never considered stable-worthy. Perhaps
> that can change soon---but not retroactively.
>
> So I'd rather avoid giving false impressions of the stability of nVMX
> in 3.14.
>
> Even if we considered nVMX stable, I'd _really_ not want to consider
> the L1<->L2 boundary a secure one for a longer time.